[3313] in bugtraq
Reachable addresses on the net (was SYN floods)
daemon@ATHENA.MIT.EDU (Oliver Xymoron)
Tue Sep 3 01:04:35 1996
Date: Sat, 31 Aug 1996 18:10:50 -0500
Reply-To: Oliver Xymoron <oxymoron@waste.org>
From: Oliver Xymoron <oxymoron@waste.org>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
The discussion of whether a random address was reachable (someone had
claimed about half were) got me thinking.. what percentage of addresses
are in fact reachable? Should be easy enough to find out - just write a
little Perl script to ping random hosts.. a day and several full file and
process tables, and about two hours of actual runtime later:
---
...
+160.16.82.221 (151/31246= 0.4833%) 6597s 4.74pings/s
+127.232.79.6 (152/31326= 0.4852%) 6614s 4.74pings/s
+130.151.41.1 (153/31332= 0.4883%) 6615s 4.74pings/s
+127.123.38.41 (154/31477= 0.4892%) 6646s 4.74pings/s
+127.164.49.30 (155/31479= 0.4924%) 6646s 4.74pings/s
+127.217.192.59 (156/31561= 0.4943%) 6664s 4.74pings/s
+127.148.252.233 (157/31576= 0.4972%) 6667s 4.74pings/s
+127.120.54.186 (158/31641= 0.4994%) 6680s 4.74pings/s
+127.10.92.143 (159/31680= 0.5019%) 6689s 4.74pings/s
+127.96.165.69 (160/32091= 0.4986%) 6775s 4.74pings/s
+127.153.219.200 (161/32515= 0.4952%) 6864s 4.74pings/s
+127.42.59.52 (162/32806= 0.4938%) 6925s 4.74pings/s
+127.239.225.13 (163/32869= 0.4959%) 6938s 4.74pings/s
+127.142.104.4 (164/33048= 0.4962%) 6976s 4.74pings/s
+127.175.215.62 (165/33111= 0.4983%) 6989s 4.74pings/s
+140.122.51.171 (166/33568= 0.4945%) 7085s 4.74pings/s
+127.253.175.177 (167/33724= 0.4952%) 7118s 4.74pings/s
+127.20.8.231 (168/33978= 0.4944%) 7171s 4.74pings/s
+127.190.255.36 (169/34368= 0.4917%) 7253s 4.74pings/s
+127.119.24.35 (170/35244= 0.4824%) 7437s 4.74pings/s
Tried: 35519 Reached: 170 ( 0.4786%)
Runtime: 7495 s at 4.74 pings/s
Probable reachable sites on the net: 20556446
---
The program forks 50 times (giving a load average of about 0.1 on my
machine), and the parent sends a random address to each child to try.
When the child pings or times out after 10 seconds, it returns a message
to the parent which tabulates it and sends a new address to try. It makes
some small effort to keep outgoing pings from piling up on each other as
well. Gave me an excuse to try out pipes, select, and signal handling in
Perl..
As you can see, the address space is still quite sparse (less than 1 out
of every 200 addresses is reachable in my test), with most being inside
the 127 net. At least for the purpose of SYN flooding, the assumption
that a random address is unreachable is probably safe and probably quite
useful. Any local protection has to bear this in mind, and perhaps keep a
cache of known good addresses handy.
--
"Love the dolphins," she advised him. "Write by W.A.S.T.E.."
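
The extrapolation in the output above, worked through as an added example (not the attached randping script and not the poster's code): it parses the tally format, reproduces the "Probable reachable sites" figure, puts a 95% Wilson interval on the hit rate, and reports how many parsed hits fall in 127.0.0.0/8, the loopback block, whose replies come from the probing host itself. The function names are hypothetical, and the sample is an excerpt of the lines quoted in the post.

```python
import math
import re

# Excerpt of the tally lines quoted in the post, plus its summary line.
SAMPLE = """\
+160.16.82.221 (151/31246= 0.4833%) 6597s 4.74pings/s
+127.232.79.6 (152/31326= 0.4852%) 6614s 4.74pings/s
+130.151.41.1 (153/31332= 0.4883%) 6615s 4.74pings/s
+127.123.38.41 (154/31477= 0.4892%) 6646s 4.74pings/s
+127.164.49.30 (155/31479= 0.4924%) 6646s 4.74pings/s
+127.217.192.59 (156/31561= 0.4943%) 6664s 4.74pings/s
Tried: 35519 Reached: 170 ( 0.4786%)
"""

HIT = re.compile(r"^\+(\d+)\.\d+\.\d+\.\d+ \(\d+/\d+=")
SUMMARY = re.compile(r"^Tried: (\d+) Reached: (\d+)")

def parse(text):
    """Return (first octets of reached hosts, tried, reached)."""
    octets, tried, reached = [], None, None
    for line in text.splitlines():
        if m := HIT.match(line):
            octets.append(int(m.group(1)))
        elif m := SUMMARY.match(line):
            tried, reached = int(m.group(1)), int(m.group(2))
    return octets, tried, reached

def extrapolate(reached, tried, space=2**32):
    """Scale the sampled hit rate to the whole 32-bit address space."""
    return reached * space // tried

def wilson_interval(reached, tried, z=1.96):
    """95% Wilson score interval for the reachable fraction."""
    p = reached / tried
    denom = 1 + z * z / tried
    centre = (p + z * z / (2 * tried)) / denom
    half = z * math.sqrt(p * (1 - p) / tried + z * z / (4 * tried ** 2)) / denom
    return centre - half, centre + half

def loopback_share(octets):
    """Fraction of parsed hits in 127.0.0.0/8 (loopback, answered locally)."""
    return sum(o == 127 for o in octets) / len(octets)

if __name__ == "__main__":
    octets, tried, reached = parse(SAMPLE)
    lo, hi = wilson_interval(reached, tried)
    print("extrapolated:", extrapolate(reached, tried))
    print("95%% interval: %d .. %d" % (lo * 2**32, hi * 2**32))
    print("loopback share of excerpt: %.2f" % loopback_share(octets))
```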